Server-Side Request Forgery in PraisonAI Versions Affecting Crawl4AI Backend
CVE-2026-61429

8.4HIGH

Key Information:

Status
Vendor
CVE Published:
11 July 2026

What is CVE-2026-61429?

PraisonAI versions prior to 1.6.78 are vulnerable to a Server-Side Request Forgery (SSRF) flaw within the Crawl4AI/Chromium backend. This vulnerability allows attackers to circumvent SSRF validation mechanisms. By exploiting a combination of DNS rebinding and HTTP redirects, attackers can craft specific URLs that redirect to internal services post-validation. This capability may enable unauthorized access to sensitive internal responses, potentially revealing confidential canary values. Organizations using affected versions are urged to upgrade and assess their systems immediately.

Affected Version(s)

PraisonAI 0 < 1.6.78

PraisonAI 1.6.78

References

CVSS V4

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

dinhvaren
.